technology a field study choice. a. The impact mobile devices cybersecurity Courses fulfill General Education Requirements (GERs) UMUC a common theme -- technological transformations.
The preferred device for browsing the web, making purchases, using social media, and emailing is the smartphone. Many people find it is easier to carry a smartphone due to its size. A breeding ground for cyber attacks has resulted from the popularity of mobile devices. Mobile devices like smartphones and tablets have no security software that protects the data held within the device. Mobile devices do not contain the traditional security software like antivirus, encryption, and firewalls found in personal computers. According to Wright, Dawson Jr., and Omar (2003)
the operating system used in mobile phones is not frequently updated, which makes it easy for cyber attackers to use this for their advantage. In the corporate environment, almost all employees use mobile devices. These devices provide the employees with opportunities to increase their effectiveness, but there are significant concerns raised regarding privacy of corporate data. The devices store information retrieved from corporate servers and emails, which would result in serious damage if accessed by an attacker. Many organizations allow employees to access the organization's network using their personal devices. This makes the networks vulnerable to external attacks as the employees might use the devices in other unsecured networks. The devices will access organizational information. This information been stored on the devices is easily accessible to anyone who gains access to the device.
Extensive use of mobile devices
A survey conducted on IT professionals managing corporate networks indicated that a majority of employees were using mobile devices to access corporate networks Goyal & Carter, 2004.
The respondents indicated that there was a broad use of mobile devices within their organizations. This indicates that many people prefer to use their mobile devices at work. The devices used are either personal or company issued. The growth of mobile device has led to the devices been the devices of choice for many employees to access their company emails. The employees prefer using mobile devices as they can retrieve information even when they are not in the office. The employees will access public networks in coffee shops or other places using the same devices. This causes a problem for the IT professionals as the devices are authenticated to access corporate servers. An attacker will use the mobile devices to gain access to sensitive information or corporate secrets.
In case the mobile device is stolen, the thief will have access to the users information, and they can use that information for malicious purposes. The security of mobile devices is limited, and it is easier for the attackers to steal the devices and gain access to all the information stored on the devices. The IT professional does not manage the information stored on the mobile devices. The devices have synchronization facilities that allow the devices to synchronize actively information from the corporate networks. This indicates that if an attacker gains access to a mobile device they will receive information constantly as the device keeps on synchronizing. The attacker could inject scrambled data into the mobile device, which will then be synchronized with the corporate data. This provides the attacker with a way to infect corporate data servers or alter information stored on the servers.
Mobile devices are becoming more vulnerable as attack targets. The use of mobile devices for a variety of activities like accessing emails and online transactions has made them vulnerable to many malicious attacks. The malicious attacks are on the rise with the continual usage of mobile devices. The number of mobile vulnerabilities has risen by almost 42% Leavitt, 2011.
People are using the devices to store sensitive data like contact information, passwords, emails, and calendars, which make them prone to attacks. The attackers are aware of the information stored on the devices, and they are coming up with sophisticated ways to access the information. The use of mobile applications to access social networks allows the devices to store a wealth of personal information. Users are also able to conduct online transactions over wireless networks. These activities require the user to store information on the devices, and any breach on the device would result in huge losses due to the information stored Ruggiero & Foote, 2011()
The vulnerabilities of mobile devices are similar to those personal computers. Since mobile devices are easy to carry, modify, and use they are prone to more attacks then personal computers. The most common attacks that mobile devices face include theft, malware, phishing, or viruses.
Theft of mobile device is very likely since they are small and easy to steal. If a user loses their phone, they could lose their data and any other information stored on the device. The loss could result in the attacker overriding security features of the device and gain access to other services used by the user. Majority of users do not use PIN numbers to protect their phones, which make them easy targets for information theft. All a user needs is to steal the device and quickly access the information before the user can report its loss. With more time, a sophisticated attacker could penetrate the security features of the device and access all the information stored on the device. Many users enable the auto login feature, which would enable the thief to access all their emails or financial information. Many mobile devices do not employ the two-step authentication feature, and this makes it easy for the thief to gain access to sensitive information. Once a person has access to the device, they can access corporate, financial, and private data. The thief could also misuse the device and the user would be held liable for any activities conducted using their stolen device.
Attackers have discovered that there is minimal or no authentication conducted before users install applications on their mobile devices. The attackers have created legitimate looking applications that contain malware. According to Barrera and Van Oorschot (2011)
the applications are disguised as games, utility applications, or security patches. Since the users cannot easily determine the authenticity of the applications, they will not suspect the application, and they will proceed to install. The malware is able to jailbreak the device and allow the attacker to gain root access to the device. With root access, the attacker is able to install other applications that will monitor the user's activities and send the logs to the attacker. The attacker could use the information for malicious purposes. The lack of security software on most devices has made them easy targets for malware attacks.
Phishing is quite easy because all the attackers requires is the victim to click on a malicious link from their email using their mobile device.
Mobile devices are also prone to phishing voice calls and SMS messages. These are attacks targeted towards mobile devices only. Since majority of users access their personal and company emails using their phones, the attackers have developed phishing websites that are geared towards mobile phones. The victim's are not aware of the malicious links since their phones do not have any security software. The phishing website will gather the user's information and send it back to the attacker. The information the attacker accesses could be of a sensitive nature and this could have severe consequences on the victim. E-mail spoofing for mobile devices is the easiest way the attackers can employ. Employing the poor security technologies found on mobile devices, the attackers have managed to trick their victims to click links found on their emails and entering sensitive information. The attackers are aware that users are now accessing and conducting financial transactions using their mobile phones, which has seen them develop phishing applications for mobile devices.
Protecting mobile devices
The proliferation and continual technological advancements for mobile devices will only increase the number of devices and vulnerabilities. Guarding against any mobile device vulnerabilities is easy provided a user understands the implications. The devices should have authentication facilities. This will guard against any unauthorized access to the phone if stolen. The only an attacker would override this feature is by formatting the device, which will erase all the information stored on the device. Activating idle-time screen lock will ensure that the device lock automatically if it is not in use. This will prevent any person from snooping on the mobile device when the user is not around. Screen lock will discourage people from accessing the phone without the user knowing. For sensitive applications, users should have two-factor authentication. Using two-factor authentication will enable the user to conduct sensitive transactions on their mobile devices safely. With two-factor authentication, the user will have to provide the password and information regarding something only the user would know.
When downloading applications, the user should ensure that they verify the applications. VAN ()
posits that assessing the digital signatures of the applications enable the user to confirm the authenticity of the applications. The user has to…